Just to give an idea about how I'd subclass the second stage
("Is this message spam?"):
- sender rating
- sender black/whitelisting
- RMX results (possibly with black/whitelisting)
- signature verification result (possibly with black/whitelisting)
- has sender been authenticated?
- does the sender's MX accept messages sent to this
address?
- context analysis
- is this message somehow related to earlier
traffic with the other party? (e.g. is a
direct reply, did we discuss similar contents
with that particular party earlier?)
- did the message contain a valid cookie?
- mass mail detection
- Try to determine whether other recipients received
the same mail, e.g. ask databases, hash value methods
- content analysis
- statistical methods
- patterns
- blacklisted words ("penis enlargement devices", "money transfer
from africa")
- size constraints
- meta rules
combine results of other methods
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg